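<?php
//include db configuration file; it is expected to provide the $mysqli connection
//(the delete branch of the original already relied on it, the lookup branch used
//the removed mysql_* API and raw string concatenation instead)
include_once("connection.php");

// AJAX endpoint with two actions:
//   - myID_Sach + myID_Gianhap + myID_Soluong: look up the book and echo one <tr> line item
//   - recordToDelete: delete a Tham_gia record by its numeric id
// Every database access goes through a mysqli prepared statement, so POST values
// never reach the SQL text, and every POST-derived value is HTML-escaped before it
// is echoed. Any failure answers with an error status line and exits.

if(isset($_POST["myID_Sach"]))
{
	$x = $_POST["myID_Sach"];
	$y = isset($_POST["myID_Gianhap"]) ? $_POST["myID_Gianhap"] : '';
	$z = isset($_POST["myID_Soluong"]) ? $_POST["myID_Soluong"] : '';

	// Price and quantity must be numeric before they are multiplied; the original
	// multiplied the raw strings, which is a TypeError on PHP 8 for non-numeric input.
	if(!is_string($x) || $x === '' || !is_numeric($y) || !is_numeric($z))
	{
		header('HTTP/1.1 500 Looks like mysql error, could not insert record!');
		exit();
	}

	$thanhtien = $y * $z; // line total: purchase price x quantity
	$tongtien  = 0;       // grand-total column; the original always rendered 0 here (presumably summed client-side)

	// Look up the book name by id. The original also queried Tac_gia with the same
	// id but never used that result, so that query is not repeated here.
	$stmt = $mysqli->prepare("SELECT Ten_sach FROM Sach WHERE ID=?");
	if(!$stmt)
	{
		//header('HTTP/1.1 500 '.$mysqli->error); //display sql errors.. must not output sql errors in live mode.
		header('HTTP/1.1 500 Looks like mysql error, could not look up record!');
		exit();
	}
	$stmt->bind_param('s', $x);
	$tensach = null;
	$found = $stmt->execute() && $stmt->bind_result($tensach) && $stmt->fetch();
	$stmt->close();

	if(!$found)
	{
		// No such book: the original would have echoed a row with an empty name.
		header('HTTP/1.1 404 Book not found!');
		exit();
	}

	// Escape for HTML text/attribute context; the row is rendered verbatim by the caller.
	$idsach_html    = htmlspecialchars($x, ENT_QUOTES, 'UTF-8');
	$tensach_html   = htmlspecialchars((string)$tensach, ENT_QUOTES, 'UTF-8');
	$gianhap_html   = htmlspecialchars($y, ENT_QUOTES, 'UTF-8');
	$soluong_html   = htmlspecialchars($z, ENT_QUOTES, 'UTF-8');
	$thanhtien_html = htmlspecialchars((string)$thanhtien, ENT_QUOTES, 'UTF-8');
	$tongtien_html  = htmlspecialchars((string)$tongtien, ENT_QUOTES, 'UTF-8');

	// The original echo contained stray "+ '" fragments (JavaScript-style concatenation
	// inside a PHP string) that ended up as literal text in the page; this emits the row only.
	echo "<tr>"
		. "<td width='50' class='center'><input class='checkbox1' type='checkbox' name='data[]' value=''></td>"
		. "<td width='50' class='center' name='idsach[]'>".$idsach_html."</td>"
		. "<td width='300' class='center' name='tensach[]'>".$tensach_html."</td>"
		. "<td width='200' class='center' name='gianhap[]'>".$gianhap_html."</td>"
		. "<td width='100' class='center' name='soluong[]'>".$soluong_html."</td>"
		. "<td width='150' class='center' name='thanhtien[]' id='thanhtien'>".$thanhtien_html."</td>"
		. "<td width='150' class='center'>".$tongtien_html."</td>"
		. "</tr>";
}
elseif(isset($_POST["recordToDelete"]))
{	//do we have a delete request? $_POST["recordToDelete"]

	// FILTER_VALIDATE_INT accepts only a plain integer; the original accepted any
	// is_numeric() value (e.g. "1e3") and then stripped characters from it.
	$idToDelete = filter_var($_POST["recordToDelete"], FILTER_VALIDATE_INT);
	if($idToDelete === false)
	{
		header('HTTP/1.1 500 Error occurred, Could not process request!');
		exit();
	}

	//try deleting the record using the record ID we received from POST, bound as an integer
	$stmt = $mysqli->prepare("DELETE FROM Tham_gia WHERE id=?");
	$delete_row = $stmt && $stmt->bind_param('i', $idToDelete) && $stmt->execute();
	if($stmt)
	{
		$stmt->close();
	}

	if(!$delete_row)
	{
		//If the mysql delete query was unsuccessful, output error
		header('HTTP/1.1 500 Could not delete record!');
		exit();
	}
	$mysqli->close(); //close db connection
}
else
{
	//Output error
	header('HTTP/1.1 500 Error occurred, Could not process request!');
	exit();
}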